Common criteria evaluation

As fast as possible

EAL4+ certification Within 4 months!

An average Common Criteria certification project will hold you up for 9 - 12 months. How about a freshly proven record of 4 months? We can halve the project time using a quick and agile methodology.

Get in touch with us to finish your CC projects AS FAST AS POSSIBLE.

We work together with exceptionally satisfied customers. We've helped them to:

  • get the first Common Criteria EAL4+ EN 419 241-2 certificate
  • certify products based on both EN 419 241-2 and EN 419221-5
  • complete an EAL4+ composite smartcard evaluation (eID) based on JCOP platform
  • acquire a complex encryption certification within 4 months

CCLab is a FIDO Accredited Security Laboratory!

FIDO currently accredits Security Labs to perform FIDO Security Evaluations as part of Authenticator Level 2 and higher. Having your products' conformance evaluated by a laboratory builds trust, thanks to the worldwide accepted certification.

Authenticator Certification Level 2 (L2) evaluates FIDO Authenticator protection against basic, scalable attacks. For L2, the Authenticator is required to conform to a solution included in the FIDO Allowed Restricted Operating Environment and Allowed Cryptography lists as part of the Authenticator Security Requirements.

How people use FIDO:

  • Security key
  • Fingerprint
  • Facial recognition
  • Voice

Multiple benefits:

  • Mitigate data breach risks and damages
  • Deploy FIDO-enabled services to a rapidly growing addressable market
  • Low-friction user experience = more site visitors, brand affinity, employee productivity
  • The certification program ensures interoperability and security across your supply chain
  • Standards-based approach future-proofs your authentication investment
  • Huge cost-savings through avoidance of password resets, device provisioning, customer support

Smart Meter: Intelligent Measurement Device

Smart meters provide real-time information about energy usage for Public Utility Providers. This metering technology guarantees that continuous data is securely available for consumers and providers as well. CCLab is one of the first laboratories you can consult to evaluate smart devices within this industry.

Properties of a Smart Meter:

  • Typically record energy hourly or more frequently, and report at least daily.
  • Two-way communication between the meter and the central system.
  • Communications from the meter to the network may be wireless or wired (e.g. power line carrier).
    Wireless communication options in common use (Wi-Fi, mesh, LoRa, etc.).
  • Communication Protocols: IEC 61107/ IEC 62056, Open Smart Grid Protocol (OSGP), TCP/IP

We can help you

Complete certification and lifecycle management

Web Application Security

CCLab proposes a step-by-step approach to its clients. The target security level can be reached incrementally: first solving the most pressing problems, then gradually strengthening the security of the IT system. During security evaluations we follow a methodology based on our Common Criteria evaluation experience.

To be effective, "Application Security" needs to cover the entire product development lifecycle, from design to implementation and testing, including training:

  • Security by design
    BCM consulting, BCP and DRP creation, UAT (User Acceptance Test) and security testing design and management, site security screening
  • Secure coding training
    Java, JavaScript, C, C++, C#, Python
  • Vulnerability assessment
    Using Flaw Hypothesis Methodology to analyse the operation and reveal possible vulnerabilities.
  • Penetration testing
    Our methodology is broader than ethical hacking, as it has expanded from our systematic evaluation methodology, which focuses on practical implementation (conceptual black box testing, gray box testing and white box testing).
  • Hardening
    Examples of errors that can be corrected during hardening: lack of input validation (SQLi, XSS, RFI, LFI); bypassing of entitlement levels; weakly or poorly implemented cryptographic algorithms; memory management problems (buffer overflow); session management issues (session fixation, replay attack); vulnerabilities due to incorrect configuration.
  • Security audit
    This is a full site inspection which involves recognizing human behavioural patterns; examining areas in accordance with regulations; observing and enforcing security measures and deception, distraction; human behavioural change and social engineering techniques by applying information security awareness control.

For mobile applications CCLab proposes to follow the OWASP Mobile Application Security Verification Standard. The evaluation process is based on MASVS-L1 Standard Security level and additionally extended to MASVS-L2 Defense-in-Depth level.

Common criteria evaluation

CCLab offers evaluation services for Common Criteria conformance. Evidence for the software security shall be provided through the Evaluation and Certification according to the standards of the internationally recognized Common Criteria (CC) Certification Scheme. CCLab is licensed under the Italian Scheme (OCSI), which is part of CCRA and SOGIS as well. Our license is valid up to the Evaluation Assurance Level (EAL) 4+.

CCLab is also experienced in Common Criteria Consultations.

We can help if you require a Certificate under a National Scheme, or if you are looking for a CC expert who can help you get over the difficulties of certification.

Our Laboratory staff is highly experienced and has been involved in Common Criteria evaluations for more than a decade. We have already evaluated products in, for example, the following fields:

  • remote Qualified Electronic Signatures and Seals (referred to collectively as QES) service according to eIDAS Regulation No 910/2014 at Sole Control Assurance Level 2 (SCAL2) according to EN 419241-1,
  • composite evaluations based on a SmartCard platform for contact/contactless smart card with ePassport application as a whole ‘travel document’ (Machine Readable Electronic Document) and Qualified Signature Creation Device (QSCD) Java Card™ applet,
  • high performance, low latency, multi-layer encryption appliance with web-based management software,
  • Disk Sanitizing software application that provides Sensitive Data Protection,
  • PKI based mobile ID solution for authentication server system for mobile-based second-factor authentication.

We can support you instantly. We use agile methodologies and toolsets imported from software development in project management and customer development. Thanks to our improved process EAL4+ certification is achievable within 4 months!

If you are not sure whether your product is fit for Common Criteria certification, we offer pre-evaluation services to prepare you for the evaluation, in order to avoid delays and additional costs during the certification process. During pre-evaluation, our consultants will evaluate the existing documentation, help to define a Protection Profile or create a Security Target, and identify areas of non-conformance or unmet criteria. We are looking forward to discussing your exact needs.

Swiss smart metering

The Smart Meter is an Intelligent Measurement Device which periodically records the measured values and sends the data encrypted to the Service Provider.

These devices need to be evaluated by an evaluation Laboratory, and need to be certified by METAS from 01.01.2020 according to Prüfmethodologie (Test Methodology for Execution of Data Security Evaluation of Swiss Smart Metering Components).

CCLAB evaluation methodology strictly follows the latest version of Pruefmethodologie issued by SWISSMIG.

The scope of evaluation methodology is based on the fulfilment of the requirements of the main components (HK):

  • Smart metering device (iMG)
  • Communication System (KS; Data concentrator (DC), other Gateway (GW))
  • Head End System (HES) through the respective test object (ToE or PG)

A ToE contains at least one iMG and a HES.

The evaluation process is divided into two parts: document evaluation and penetration testing. The document evaluation consists of the following parts:

  • IT-Security concept evaluation: 2-3 days
  • Product development, architecture, functionality documentation evaluation: 3-4 days
  • Product lifecycle document evaluation: 1 day

This is usually followed by an iteration, during which the manufacturer corrects the findings of the Laboratory.

Then comes the Penetration testing:

  • Penetration tests on the test site: 10-12 days

If you are interested, contact us.

FIDO certification

CCLAB is one of the 12 laboratories in the world that can issue FIDO certification in Authenticator Certification Level 2.

L2 evaluates FIDO Authenticator protection against basic, scalable attacks.

Authenticator Certification Level 1 is for:
any device HW or SW must defend against phishing, server credential breaches and MiTM attacks (better than passwords).

Authenticator Certification Level 1+ is for:
any device HW or SW should apply White Box Cryptography to defend against OS compromise.

At Authenticator Certification Level 2:
the device must support an allowed Restricted Operating Environment (ROE) (e.g. TEE, Secure Element), or intrinsically be a ROE (e.g. a USB token or Smart Card). It must defend against device OS compromise.

FIDO Authenticator Certification examples

  • L1 - Downloaded app making use of Touch ID in iOS
  • L1 - FIDO2 making use of the Android keystore. Keystore is not certified
  • L1 - FIDO2 built into a downloadable web browser app
  • L1+ - U2F in a downloadable app using white box and other techniques
  • L2 - UAF implemented as a TA in an uncertified TEE
  • L2+ - FIDO2 making use of the Android keystore. Keystore runs in a TEE that is certified at L2+

Did FIDO spark your interest? Contact us.

Certification scheme under the Cyber Security Act
December 03, 2019 Jonatan

Being a member of the Ad Hoc Working Group, Gábor will represent CCLAB and Hungary on the highest professional level.

Trident HSM Certification
August 23, 2019 Jonatan

Trident HSM is the second Signature Activation Module we have evaluated which achieved eIDAS conformity.

FIDO Accreditation
August 22, 2019 Jonatan

CCLab has joined the FIDO Alliance

ADSS Server SAM
February 14, 2019 Jonatan

ADSS Server SAM successfully complies with the eIDAS regulation.

Selected references

Magyar Telekom

Client testimonials

The CCLab team gave us full support to adapt to the changes during product development. Whatever the challenges faced, they could keep the due dates and we were able to complete the process quickly and efficiently. The real agile lab helped our success. We are going to work with them again. I highly recommend them to anyone wanting to get their product certified.

Dayton MARCUCCI Senior Director – Embedded Software and Middleware HID Global

We needed a lab that works quickly but with high work morale and quality of work. CCLab is exactly like that! It was a good cooperation experience to work with them. The project was rather complex and our expectations maybe even too high, but the team was committed to the common goals and could keep the milestones; therefore we were able to deliver what was needed. I highly recommend the CCLab team to anyone for their great team spirit, quality orientations, agility and reasonable pricing.

Kalev Pihl CEO SK ID Solutions
Thanks to the agile processes we've been able to add new features to the product during the evaluation that made it even more valuable to customers. CCLAB efficiently supported us throughout the whole change management process. The predictability, accurate scheduling, and supportive mindset helped us to finish the project in time.

Zsolt Rózsahegyi CEO I4P Informatics Ltd.

Contact US

  • +36 20 248 7670 info@cclab.hu
  • Budapest

    H-1137 Budapest,
    Katona József utca 17.

  • Debrecen

    H-4025 Debrecen,
    Piac utca 45-47.

  • Budapest

    H-1117 Budapest,
    Budafoki út 91/C.

Laboratory accreditations

Systrans-CCLab is an internationally acknowledged evaluation facility under the Italian Common Criteria Scheme.

Our certification was issued by OCSI (Organismo di Certificazione della Sicurezza Informatica) under the registration number: No. 1/2015 with the official name

CCLab is an acknowledged testing laboratory. Our Laboratory is accredited by NAH (Nemzeti Akkreditáló Hatóság) under the number: NAH-1-1815/2017

CCLab is accredited by the FIDO Alliance to perform Level 2 Authenticator Security Evaluations.

CCLab is accredited in accordance with the FIDO lab policy under the number: Certificate No. LA01010020190325001

CCLab Ltd. © 2019 - All rights reserved